Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Video Reviews - Security and Privacy
Defender vs a Novel Stealer Variant
Message
<blockquote data-quote="Andy Ful" data-source="post: 1014285" data-attributes="member: 32260"><p>I asked myself many times: Why Microsoft did not choose to (optionally) protect exclusions via Tamper Protection?</p><p>Microsoft guys think that this method cannot be used as an initial attack vector but only to obtain persistence. That is partially true. Furthermore, adding exclusions is not a perfect solution, because it works only on the pre-execution level - the malware can be still detected by behavior.</p><p></p><p>Anyway, I think that [USER=7463]@cruelsister[/USER] is right in the case of info stealers. The behavior of such malware is usually hardly detected, because its impact on the system is minimal and well hidden.</p><p>This malware (and many more) can be mitigated by hardening the firewall (blocking outbound connections to LOLBins, like powershell.exe, vbc.exe, etc.</p></blockquote><p></p>
[QUOTE="Andy Ful, post: 1014285, member: 32260"] I asked myself many times: Why Microsoft did not choose to (optionally) protect exclusions via Tamper Protection? Microsoft guys think that this method cannot be used as an initial attack vector but only to obtain persistence. That is partially true. Furthermore, adding exclusions is not a perfect solution, because it works only on the pre-execution level - the malware can be still detected by behavior. Anyway, I think that [USER=7463]@cruelsister[/USER] is right in the case of info stealers. The behavior of such malware is usually hardly detected, because its impact on the system is minimal and well hidden. This malware (and many more) can be mitigated by hardening the firewall (blocking outbound connections to LOLBins, like powershell.exe, vbc.exe, etc. [/QUOTE]
Insert quotes…
Verification
Post reply
Top
